A “spoof” attack occurs when a rogue process gains access to sensitive data by presenting itself as a legitimate process. For example, imagine a rogue process that spoofs a legitimate operating system logon process. Such a rogue process might present a User Interface (UI) on a computer's display that appears to be a legitimate user logon UI. The user may unwittingly enter their username and password. Once this sensitive data is obtained by a rogue process, much of the user's sensitive data may be vulnerable.
Various secure computing technologies in use today have not been adequately leveraged to address the spoof attack problem. A Hardware Security Module (HSM) has been used recently to help ensure trustworthiness of software that executes on a computer in some scenarios. The HSM is a processor that is typically affixed to a computer's motherboard. It can securely store a secret, for example, a password, that may be needed to access some computing resource. The secret is “sealed” by the HSM, and may only be released if correct information is provided to the HSM. A popular HSM in use today is the Trusted Processing Module (TPM), as developed and published by the TRUSTED COMPUTING GROUP® (TCG).
In an exemplary arrangement, one or more measurements may be submitted to a HSM, and the HSM determines if the measurements are what they should be. If they are, the HSM may release one or more secrets. This arrangement can be used to ensure the authenticity of a software component prior to allowing the component to execute. For example, a software component might first be measured by performing a hash over the component. The resulting measurement can be passed to a HSM. A secret can be sealed to the measurement, such that the secret is available only if the same measurement is submitted. Prior to allowing the component to execute, it can be measured to ensure that the component has not changed since the secret was sealed. The measurement can be submitted to the HSM. If the measurement is correct, the secret may be released, which allows the component to execute. If the submitted measurement is not correct, then the secret may not be released and the component may be prevented from executing.
While the use of a HSM, or other secure computing technologies, can authenticate a software component, note that a user may have no signal that a UI presented to them on a display was in fact authenticated. The possibility remains that a rogue process may completely bypass a HSM, and present a spoofed UI to a user. As public understanding of secure computing measures improves, new attacks are inevitably developed to bypass security features.
To this end, U.S. patent application Ser. No. 10/691,759 presents, among other developments, a technique for providing a computer user with proof that a UI he or she sees is authenticated. A text string, such as a name of a computer user's dog, “Fido,” may be protected as a secret. If a component, process, or other data is authenticated, the string may be presented to the user in a corresponding UI. For example, when running MICROSOFT INTERNET EXPLORER® (IE), a user might see his dog's name in a portion of the UI, thereby indicating to the user that the IE application was properly authenticated.
The drawbacks of using a text string to authenticate a UI to a computer user are twofold. First, this technique may be vulnerable to “over the shoulder” attacks. An attacker who simply looks over the shoulder of a computer user with a UI which is protected in this manner may obtain the user's secret information, e.g., “Fido,” and may design a spoof attack directed at that user. The attacker may design a rogue application that also displays “Fido” without first authenticating itself.
Second, text strings are notoriously overlooked by users. Studies show that users who see the first few characters of a word often do not notice when the remainder is misspelled. Users are presented with large amounts of text in an average workday, and simply may not bother to double-check the security string that demonstrates they are engaging with an authenticated UI. Thus, attacks that simply spoof a string may be successful in some percentage of cases.
Furthermore, the difficulties in demonstrating authenticity of computer processes are compounded in the context of virtual machine technologies. Virtual machines, in general, involve the simultaneous execution of two operating systems on a single computer system. A first operating system may have security features, such as those using the HSM as described above, while the other operating systems do not.
Numerous virtual machine configurations exist in the industry. A virtual machine monitor (VMM) can allow complete separation between two execution environments. Another configuration allows one operating system act as a “host” for another operating system, a “guest”. In this case, the host operating system provides the guest with resources such as memory and processor time. Another exemplary configuration uses an “exokemel.” An exokemel manages certain devices (e.g., the processor and the memory), and also manages certain types of interaction between the operating systems.
Where two or more operating systems execute on a single computer system, one may be a “high-assurance” operating system, referred to herein as a “nexus.” A high-assurance operating system is one that provides a certain level of assurance as to its behavior. For example, a nexus might be employed to work with secret information (e.g., cryptographic keys, etc.) that should not be divulged, by providing a curtained memory that is guaranteed not to leak information to the world outside of the nexus, and by permitting only certain certified applications to execute under the nexus and to access the curtained memory. It may be desirable for the nexus to be the guest operating system, and a second operating system, not subject to the same level of assurance as to behavior, to be the host operating system. This allows the nexus to be as small as possible. A small nexus allows a higher level of confidence in the assurance provided by the nexus. Therefore operating system functions are run by the host operating system.
One such system function which may be run by the host operating system is a windowing system. When using a windowing system, a user's display will be populated with UIs, areas on the screen which display information from an application. An application may have one or more UIs. When security features, such as the use of a HSM, or the security features of a nexus or other guest operating system, exist in a first operating system execution environment, but are used to authenticate UIs in another execution environment, a number of additional technological and practical considerations arise.
Thus, there is a need in the industry for improved techniques to demonstrate the authenticity of computer processes to computer users.